diff --git a/modules/nixos/server/web-servers/default.nix b/modules/nixos/server/web-servers/default.nix
index d409ae1..6225676 100644
--- a/modules/nixos/server/web-servers/default.nix
+++ b/modules/nixos/server/web-servers/default.nix
@@ -14,10 +14,10 @@ in
         acceptTerms = true;
         defaults = {
           inherit (config.system.mainUser) email;
+          #TODO: switch back to production environment
+          server = "https://acme-staging-v02.api.letsencrypt.org/directory";
           dnsProvider = "cloudflare";
-          credentialFiles = {
-            "CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets."keys/cloudflare".path;
-          };
+          credentialFiles."CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets."keys/cloudflare".path;
         };
       };
     })
diff --git a/modules/nixos/server/web-servers/nginx/default.nix b/modules/nixos/server/web-servers/nginx/default.nix
index d193753..f5f36cc 100644
--- a/modules/nixos/server/web-servers/nginx/default.nix
+++ b/modules/nixos/server/web-servers/nginx/default.nix
@@ -52,18 +52,10 @@ in
             extraConfig = lib.mkOption {
               type = attrs;
               default = { };
-              description = "Will be added to locations.\"/\"";
             };
           };
         });
       default = [ ];
-      example = [
-        {
-          source = "chat.bwfiq.com";
-          target = "http://helios:3080";
-          extraConfig = { };
-        }
-      ];
     };
   };
 
diff --git a/systems/x86_64-linux/apollo/default.nix b/systems/x86_64-linux/apollo/default.nix
index 6fb27cb..75a76e3 100644
--- a/systems/x86_64-linux/apollo/default.nix
+++ b/systems/x86_64-linux/apollo/default.nix
@@ -32,6 +32,7 @@
       mattermost.url = "mm.bwfiq.com";
     };
     web-servers = {
+      enableSSL = true;
       nginx = {
         enable = true;
         proxies = [